CSIRT-CAN – Centro de Respuesta a Incidentes de Seguridad de Canarias

Blog Lists

Multi-factor authentication is not optional: an analysis of the Wiley Rein case

The prominent US law firm Wiley Rein has been named in a proposed class-action lawsuit alleging that the firm failed to protect sensitive personal data stolen by hackers believed to be affiliated with the Chinese government.

The complaint alleges that cybercriminals accessed Microsoft 365 email accounts belonging to certain Wiley Rein employees between July 2024 and June 2025 before the company detected the intrusion last year.

The stolen data allegedly includes names, addresses, dates of birth, financial account numbers, medical information, and full or partial Social Security numbers, according to the lawsuit. The company did not begin notifying victims until around March 6, 2026, the complaint alleges.

"The Wiley Rein breach differs from typical data breaches because it affects consumers who had no relationship with Wiley Rein, never sought it out, and never consented to Wiley Rein collecting and storing their information," the lawsuit stated.

This case reminds us of the fragility of cybersecurity systems, especially if we hand over our data to third parties without preventative measures. At a time when cyberattacks are so frequent, precautions like two-factor authentication are non-negotiable.

Let's look at a series of scenarios in which the attack could have been prevented.

Scenario 1: Without two-factor authentication

The attacker sends a phishing email, obtains the username and password, logs into Microsoft 365, and can review emails. In this way, they have full access to all the information shared in emails.

Scenario 2: With basic two-factor authentication

With MFA enabled, stealing the password wouldn't be enough. The attacker would also have needed to bypass the second factor: SMS code, push notification, authenticator app, physical token, or similar. In practice, the attack would likely have unfolded as follows:

1. The employee falls for the phishing scam and enters their password.
2. The attacker attempts to log in.
3. Microsoft 365 requests the second factor.
4. If the employee does not approve the request, access is blocked.
5. The incident may be reduced to “stolen credentials” instead of “compromised mailbox.”

Scenario 3: With phishing-resistant MFA

The most robust scenario would have been to use physical security keys with certificate authentication. This is especially relevant in legal contexts with access to sensitive information. This method is used in Spain through digital certificates to ensure the security of customer data at all times.

Two-factor authentication does not prevent an attack, but it can prevent a personal data breach.
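The difference between a "stolen credentials" incident and a "compromised mailbox" incident in Scenarios 1 and 2 can be read from sign-in records. The Python below is an added example, not code from CSIRT-CAN or from the case; the record format, users, addresses and the `triage` function are constructed for illustration and are not the Microsoft 365 log schema.

```python
from collections import defaultdict

# Constructed sign-in records in a simplified format (an assumption for this
# example, not the Microsoft 365 log schema). "mfa" is the second-factor
# outcome: "none" (not requested), "approved", "denied" or "timeout".
SIGN_INS = [
    {"user": "ana@example.org", "ip": "203.0.113.10", "password_ok": True, "mfa": "approved"},
    {"user": "ana@example.org", "ip": "198.51.100.7", "password_ok": True, "mfa": "denied"},
    {"user": "ana@example.org", "ip": "198.51.100.7", "password_ok": True, "mfa": "timeout"},
    {"user": "luis@example.org", "ip": "198.51.100.7", "password_ok": True, "mfa": "none"},
    {"user": "eva@example.org", "ip": "198.51.100.9", "password_ok": True, "mfa": "denied"},
    {"user": "eva@example.org", "ip": "198.51.100.9", "password_ok": True, "mfa": "approved"},
    {"user": "raul@example.org", "ip": "198.51.100.7", "password_ok": False, "mfa": "none"},
]
# Addresses each user normally signs in from (constructed baseline).
KNOWN_IPS = {"ana@example.org": {"203.0.113.10"}, "luis@example.org": {"203.0.113.11"},
             "eva@example.org": {"203.0.113.12"}, "raul@example.org": {"203.0.113.13"}}

SEVERITY = {"no_finding": 0, "stolen_credentials": 1, "compromised_mailbox": 2}


def triage(events, known_ips):
    """Return {user: finding}, keeping the worst outcome seen for each user."""
    findings = defaultdict(lambda: "no_finding")
    blocked = set()  # (user, ip) pairs that were stopped at the second factor
    for e in events:
        user, ip = e["user"], e["ip"]
        if not e["password_ok"] or ip in known_ips.get(user, set()):
            outcome = "no_finding"           # wrong password, or the user's usual address
        elif e["mfa"] == "none":
            outcome = "compromised_mailbox"  # Scenario 1: the password alone opened the mailbox
        elif e["mfa"] in ("denied", "timeout"):
            outcome = "stolen_credentials"   # Scenario 2: valid password, blocked at second factor
            blocked.add((user, ip))
        elif (user, ip) in blocked:
            outcome = "compromised_mailbox"  # approval following unapproved prompts, same address
        else:
            outcome = "no_finding"           # approved sign-in from a new address, nothing else odd
        if SEVERITY[outcome] > SEVERITY[findings[user]]:
            findings[user] = outcome
    return dict(findings)


if __name__ == "__main__":
    for user, finding in triage(SIGN_INS, KNOWN_IPS).items():
        print(f"{user}: {finding}")
```

A `stolen_credentials` finding calls for a password reset, while `compromised_mailbox` means the mailbox contents must be reviewed as potentially exposed.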

CSIRT-CAN PROMOTES FEMALE TALENT IN CYBERSECURITY AT HACKRON 2026

This Friday, May 15th, Hackron made its first stop in Santa Cruz de Tenerife. The leading Cybersecurity Congress in the Canary Islands held another edition featuring innovative presentations and the participation of the Director General of Digital Transformation, Guadalupe González Taño, who presented the CSIRT-CAN project.

The Director General emphasized the importance of promoting a greater presence of women in Cybersecurity. Women hold management and key positions at CSIRT-CAN; however, it is essential to incorporate female talent into an industry that continues to grow and generate jobs.

During the CSIRT-CAN presentation, it was reiterated that this is a strategic and innovative project that impacts local entities, helping them protect themselves and creating a cyberspace where the Canary Islands are a safe community by and for the people of the Canary Islands.

We thank Hackron for inviting us to participate and continue spreading knowledge, becoming a platform for young talent and, ultimately, fighting for a future where cybersecurity is at the epicenter of civic life.

Do new AI models put critical infrastructure at risk?

Mythos is a new AI model from Anthropic that stands out for its ability to program at a very high level, detect cybersecurity vulnerabilities, and propose how to exploit them.

Reuters says that this combination has led supervisors and regulators to treat it as a potential new source of risk, especially for banking and infrastructure with legacy systems.

Supervisors at the European Central Bank (ECB) are about to question bankers about the risk that Anthropic's new artificial intelligence model could amplify cyberattacks, a source familiar with the situation told Reuters on Wednesday.

ECB supervisors are gathering information about the model with the intention of asking the banks under their supervision about their preparedness for this potential new source of risk.

Mythos's high-level programming capabilities have given it a potentially unprecedented ability to "identify cybersecurity vulnerabilities and devise ways to exploit them." US Treasury Secretary Scott Bessent and Federal Reserve Chairman Jerome Powell convened an emergency meeting last week with bank chiefs to warn them about the risks.

Alberto Musalem told Reuters that the development underscored the need for the US central bank to "rethink how we think about cybersecurity" and to consult with banks about their own "resilience and robustness against cyber risk in this new world."

British Technology Secretary Liz Kendall and Security Minister Dan Jarvis issued a similar warning to companies on Wednesday, stating that Mythos was "substantially more capable at detecting cybercrime" than any model previously tested by the government's AI Security Institute.

Bank of England Governor Andrew Bailey said this week that central banks and financial regulators must quickly grasp the implications of the new model.

TYPES OF AI: HOW DO THEY DIFFER?

Artificial intelligence (AI) is one of the most powerful innovation tools of our century. However, there are different types with diverse and complementary functions. So today we'll analyze the differences between generative AI (ChatGPT) and predictive AI (Google Maps).

1) Main objective

Generative AI learns patterns from large volumes of data and then generates new output, such as text, images, audio, video, or code.

Predictive AI uses historical data to estimate future results or assign a category: for example, forecasting sales, detecting fraud, estimating customer churn, or deciding if an email is spam.

2) Output type

The output of generative AI is usually something "created": an email draft, an image, a summary, a conversational response, or a piece of code.

The output of predictive/traditional AI is usually a probability, label, score, recommendation, or decision: “high risk,” “customer with an 82% probability of canceling,” “approved/rejected,” “product recommended.”

3) How they “think”

In simple terms:
• Predictive AI tries to answer: “What will happen?” or “What category does this belong to?”
• Generative AI tries to answer: “What would a new example similar to what has been learned look like?”

4) Data and training

Generative AI is usually trained with very large and varied datasets because it needs to learn the structure of the content to be able to produce new, convincing outputs.

Predictive AI can work with more focused and labeled data for a specific task, such as default (yes/no), churn (yes/no), demand per week, or diagnosis by class.

5) Everyday examples

Predictive
• Spam filter.
• Credit scoring.
• Fraud detection.
• Sales forecasting.
• Recommendation tools.
• Document or image classification.

Generative
• Write an email.
• Create an image.
• Summarize a report.
• Generate code.
• Create a transcript or a conversation response.

6) An easy way to remember it

• Generative: write the report.
• Predictive: calculate the probability of something happening.

Mirai: An Infrastructure for Cybercrime

Mirai is malware that infects devices such as cameras, Wi-Fi devices, and smart TVs. It turns these devices into a network controlled by attackers, known as a botnet. This malware has been used to launch coordinated massive attacks. However, there are updates to its configuration.

The new variants have improved DDoS attacks. They are now larger, more distributed, and harder to block. Furthermore, the key innovation lies in the use of new malicious proxies.
• The attacker redirects traffic through them.
• They appear to be “normal users” from the outside.

This allows them to:
• Hide the attacker's identity.
• Evade blocks and security systems.
• Simulate legitimate traffic.

It's similar to using a VPN… but illegal and with hacked devices.

These innovations can be used primarily to preserve the attackers' anonymity and launch attacks on a larger scale. Unlike just a few months ago, when this malware could take down a website, it can now maintain anonymity and perpetuate fraud.

They are becoming multifunctional platforms, not just attack tools. And this is extremely worrying:
• There are millions of vulnerable IoT devices.
• Attacks are now:
  o Harder to detect
  o More profitable for attackers
  o More persistent

Furthermore, the Mirai malware is already like a "base template" that others constantly reuse. Mirai has evolved from a DDoS tool to a complete cybercrime infrastructure.

What do we do for you?

CSIRT-CAN offers various services for the prevention and prompt resolution of cybersecurity-related incidents.

Be Careful What You Search on Google!

Vulnerability Allowing Remote Code…

[SCI] Command Injection in Moxa Products

Multiple Vulnerabilities in Power…

Services by Profiles

What is CSIRT-CAN?

The CSIRT-CAN (Canary Islands Security Incident Response Center) is an entity dedicated to the protection and resilience of digital infrastructures in the Canary Islands. Our center specializes in the detection, analysis, and mitigation of cybersecurity incidents, providing technical and strategic support to public and private organizations.

Report an incident